From a7cebcbb50ec5127b91a216c0b9ab0abe6cc0adf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E7=82=B3=E6=B8=85?= <3489919293@qq.com> Date: Tue, 23 Mar 2021 13:53:39 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D@Inner=E6=B3=A8=E8=A7=A3?= =?UTF-8?q?=E5=9C=A8=E7=B1=BB=E4=B8=8A=E6=8B=A6=E6=88=AA=E6=97=A0=E6=95=88?= =?UTF-8?q?=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/security/component/PigSecurityInnerAspect.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java index 04e236a9..5007a2c8 100644 --- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java +++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigSecurityInnerAspect.java @@ -26,6 +26,7 @@ import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.springframework.core.Ordered; +import org.springframework.core.annotation.AnnotationUtils; import org.springframework.security.access.AccessDeniedException; import javax.servlet.http.HttpServletRequest; @@ -44,8 +45,13 @@ public class PigSecurityInnerAspect implements Ordered { private final HttpServletRequest request; @SneakyThrows - @Around("@annotation(inner)") + @Around("@within(inner) || @annotation(inner)") public Object around(ProceedingJoinPoint point, Inner inner) { + //实际注入的inner实体由表达式后一个注解决定,即是方法上的@Inner注解实体,若方法上无@Inner注解,则获取类上的 + if(inner == null){ + Class clazz = point.getTarget().getClass(); + inner = AnnotationUtils.findAnnotation(clazz, Inner.class); + } String header = request.getHeader(SecurityConstants.FROM); if (inner.value() && !StrUtil.equals(SecurityConstants.FROM_IN, header)) { log.warn("访问接口 {} 没有权限", point.getSignature().getName());